
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.authentication;
15  
16  import java.io.IOException;
17  
18  import javax.servlet.ServletRequest;
19  import javax.servlet.ServletResponse;
20  import javax.servlet.http.HttpServletRequest;
21  import javax.servlet.http.HttpServletResponse;
22  
23  import org.eclipse.jetty.http.HttpHeaders;
24  import org.eclipse.jetty.http.security.Constraint;
25  import org.eclipse.jetty.security.ServerAuthException;
26  import org.eclipse.jetty.security.UserAuthentication;
27  import org.eclipse.jetty.server.Authentication;
28  import org.eclipse.jetty.server.UserIdentity;
29  import org.eclipse.jetty.server.Authentication.User;
30  import org.eclipse.jetty.util.B64Code;
31  import org.eclipse.jetty.util.StringUtil;
32  
33  /**
34   * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
35   */
public class BasicAuthenticator extends LoginAuthenticator
{
    /* ------------------------------------------------------------ */
    /** Creates an authenticator for the HTTP "basic" scheme; no state is set up here. */
    public BasicAuthenticator()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Reports the auth method name this authenticator answers to.
     *
     * @return {@link Constraint#__BASIC_AUTH}
     * @see org.eclipse.jetty.security.Authenticator#getAuthMethod()
     */
    public String getAuthMethod()
    {
        return Constraint.__BASIC_AUTH;
    }

    /* ------------------------------------------------------------ */
    /**
     * Authenticates a request from its <code>Authorization</code> header.
     * <p>
     * When authentication is not mandatory the deferred authentication is
     * returned without looking at the credentials. Otherwise a header of the
     * form <code>basic &lt;base64(user:password)&gt;</code> is decoded and handed to the
     * login service; on success the session is renewed and a
     * {@link UserAuthentication} is returned. Any other outcome (no header,
     * another scheme, no colon, empty user name, rejected login) ends in a
     * 401 challenge, unless the response is a deferred one, in which case
     * {@link Authentication#UNAUTHENTICATED} is returned and nothing is written.
     * <p>
     * Security notes for maintainers:
     * <ul>
     * <li>Basic credentials are only Base64-encoded, so their confidentiality
     * depends entirely on the transport. This method does not check whether
     * the request arrived over a secure channel; that has to be enforced
     * elsewhere (for example by a transport guarantee on the constraint).</li>
     * <li>The challenge embeds <code>_loginService.getName()</code> in a quoted
     * string without escaping. A realm name containing a double quote or a
     * line break would produce a malformed header, so realm names should be
     * restricted to plain text in configuration.</li>
     * <li>No throttling or logging of failed attempts happens in this class;
     * presumably that is left to the login service or to components in front
     * of it - verify before relying on it.</li>
     * </ul>
     *
     * @param req the request, which must be an {@link HttpServletRequest}
     * @param res the response, which must be an {@link HttpServletResponse}
     * @param mandatory whether authentication is required for this request
     * @return the resulting authentication state
     * @throws ServerAuthException wrapping any {@link IOException} raised while
     *         decoding the header or sending the challenge
     * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
     */
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        final HttpServletRequest httpRequest = (HttpServletRequest)req;
        final HttpServletResponse httpResponse = (HttpServletResponse)res;
        final String authorization = httpRequest.getHeader(HttpHeaders.AUTHORIZATION);

        try
        {
            if (!mandatory)
            {
                return _deferred;
            }

            final UserIdentity identity = loginWithBasicCredentials(authorization);
            if (identity != null)
            {
                // Renew the session only after the login service accepted the credentials.
                // NOTE(review): renewSessionOnAuthentication is inherited and not shown here;
                // presumably it guards against session fixation - confirm in LoginAuthenticator.
                renewSessionOnAuthentication(httpRequest,httpResponse);
                return new UserAuthentication(getAuthMethod(),identity);
            }

            // A deferred response must not be written to, so no challenge is sent.
            if (_deferred.isDeferred(httpResponse))
            {
                return Authentication.UNAUTHENTICATED;
            }

            // Every failure path sends the same challenge, so the reply does not reveal
            // which part of the credentials was wrong.
            httpResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            throw new ServerAuthException(e);
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * Parses a basic <code>Authorization</code> header value and asks the
     * login service to verify the credentials it carries.
     * <p>
     * The scheme token is matched case-insensitively. The decoded text is
     * split at the first colon: the user name must be non-empty, while the
     * password may be empty and may itself contain colons. The payload is
     * decoded as ISO-8859-1, so credentials sent by a client in another
     * charset will not compare equal to the stored ones.
     * <p>
     * NOTE(review): how <code>B64Code.decode</code> reacts to malformed Base64
     * is not visible here. If it throws an unchecked exception, that exception
     * leaves this method uncaught and no 401 challenge is sent - confirm.
     * The password is held in an immutable <code>String</code> and cannot be
     * wiped after use.
     *
     * @param authorization the raw header value, may be <code>null</code>
     * @return the authenticated identity, or <code>null</code> when the header
     *         is absent, not a well-formed basic header, or the login is rejected
     * @throws IOException if decoding the payload fails with an I/O level error
     */
    private UserIdentity loginWithBasicCredentials(String authorization) throws IOException
    {
        if (authorization == null)
        {
            return null;
        }

        final int schemeEnd = authorization.indexOf(' ');
        if (schemeEnd <= 0)
        {
            return null;
        }

        final String scheme = authorization.substring(0,schemeEnd);
        if (!"basic".equalsIgnoreCase(scheme))
        {
            return null;
        }

        final String encoded = authorization.substring(schemeEnd+1);
        final String decoded = B64Code.decode(encoded,StringUtil.__ISO_8859_1);

        final int colon = decoded.indexOf(':');
        if (colon <= 0)
        {
            return null;
        }

        final String username = decoded.substring(0,colon);
        final String password = decoded.substring(colon+1);
        return _loginService.login(username,password);
    }

    /* ------------------------------------------------------------ */
    /**
     * Basic authentication adds nothing to the outgoing response, so this
     * always reports success.
     *
     * @return <code>true</code> unconditionally
     */
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }

}
111 
112 }